GOBUSTER

root@oco:~$ find / -iname 'directory-list*' -type f 2>/dev/null
 /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt

RECURSIVE PAGE FUZZING

root@oco:~$ cp /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt .

#modify the wordlist and add the reverse shell file name
root@oco:~$ directory-list-2.3-small.txt
 php-reverse-shell
 
 * note: the server might rename the file when it is uploaded, as a security measure

root@oco:~$ gobuster dir --url http://{targetIP}/ --wordlist directory-list-2.3-small.txt -x php -r -t 50
 /.php                 (Status: 403) [Size: 277]
 /themes               (Status: 403) [Size: 277]
 /uploads              (Status: 403) [Size: 277]
 /css                  (Status: 403) [Size: 277]
 /index.php            (Status: 200) [Size: 10932]
 /images               (Status: 403) [Size: 277]
 /js                   (Status: 403) [Size: 277]
 /fonts                (Status: 403) [Size: 277]
 
 * the "dir" option selects directory/file enumeration mode
 * the --url specifies the target IP/URL
 * the --wordlist specifies the wordlist to use
 * the -x appends file extensions to each word in the wordlist
 * can specify multiple extensions by separating them with commas
    - php,html,txt
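 * the -r is short for --follow-redirect: gobuster follows HTTP redirects instead of reporting the 3xx status. It is not recursion; gobuster's dir mode has no recursive option, so each discovered directory needs its own run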
 * the -t sets the number of concurrent threads to make the scan faster (default is 10)
    - this could trigger rate-limiting or bans, and the request burst is easy to spot in the server's access logs
